Date: Tue, 30 Apr 2013 12:00:29 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-dev@...ts.openwall.com Subject: Re: Yet more crashes On 04/30/13 at 08:20am, Lukas Odzioba wrote: > 2013/4/30 Dhiru Kholia <dhiru.kholia@...il.com>: > > On 04/28/13 at 08:31pm, Lukas Odzioba wrote: > >> algorithm - do we use it at all? > > > > No. > So why it is there? Can we just drop this field, or it might me used > in the future? > > >> datalen - minimum bound? > > Should not matter. > So -1000 is proper value, or rather 0 is the smallest valid one? > Same situation with count, I would like to hear from you what are the > bounds on this field. Negative values for datalen will get rejected with existing checks. if (strlen(p) != res * 2) goto err; You can't really have "negative length strings" ;) For count, checking for a positive value greater than 0 should be OK. > Can you be more specific about minimum ivlen? The possible values of ivlen are 8 and 16, IIRC. -- Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.